I hope nobody expected every single copied document to be analysed and refreshed for this agreement. A lot of existing documents will be copied into a new deal as they exist today.
I might be naive but I was expecting that someone would read it and catch things like this. It's a trade deal, not a high school homework.
If it's too long to be read, then are all those details really necessary?
It's just like contracts, most privacy policies, etc. that are written in gibberish, are extremely verbose, yet everyone is afraid to simplify it because "there must be a reason why legal documents are not written in plain English". Sometimes there is no good reason.
There are groups interested in those details which will pick them up when the time comes. If people started bikeshedding the details right now, nothing would be achieved. Raising the browser or hash issue in this case would be like stopping a discussion about moving a 2000 people corporate HQ to another location to make sure that a specific wobbly chair on the 2nd floor gets fixed in the process. It's not the right time and place to discuss it.
But the wobbly chair was thrown out in 2010, yet is still referenced by name in the premises migration checklist.
In other words if it's so insignificant as not to be discussed it shouldn't be included at all. Any processes should have been written at a high level with a call out to the specific specialist organisations who implement them.
But that would require proper, diligent scrutiny. I mean, it's only a deal that will affect hundreds of billions in trade every year and numerous other foreign relations issues, indefinitely, and it's only around 1,200 pages long. What could possibly go wrong asking elected representatives of 28 states to approve it with less than a week to even see it and, in the UK's case, a single day of Parliamentary debate? (For comparison, the news today mentioned that Maastricht got more like a month.)
> If it's too long to be read, then are all those details really necessary?
My take is that those details are intentionally left in as is to ensure that the status quo remains exactly the same, thus ensuring that updating a piece of legislation has no unintended consequences.
I mean, if the legislation remains the exact same, even citing the exact same software as reference, then there is no doubt regarding where jurisprudence stands.
It's part of the section "ANNEX LAW-1: EXCHANGES OF DNA, FINGERPRINTS AND VEHICLE REGISTRATION DATA". It's pretty detailed on the exact format of data transfers.
For cross-border regulations like this you're quite right, but making sense is the reason for the UK not doing so, rather than it being a legal requirement.
That implementation has been already reviewed by the UK years ago. The referenced document is about "stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime" which goes down to details like XML format of the exchanged data and which parts of DNA are used to identify people across Europe. It's not something that UK can change on its own and definitely not something that should give anyone a pause before accepting the document as was already implemented - just because an old browser is listed in examples.
It can easily be debated as "do we have any issues with the technical details of the international exchange of forensic information or should we continue with what we have right now?"
EU law is full of stuff like this. There's no philosophical conception that law should be minimal or regulation a last resort, so they pass huge laws all the time that specify precise details of things and which get very out of date.
A good example is to compare US law on digital signatures Vs EU law. The latter mandates PKIX and the former just says words to the effect of any digital equivalent of a signature. So you can imagine which is simpler and more flexible.
> former just says words to the effect of any digital equivalent of a signature
The US has FIPS enforced at federal level. FIPS tells you not only what ciphers are allowed, but also how you're going to compile your SSL libraries and in which environment. It's typically way behind practical recommendations in real world.
Since this regulation is not a standard to be used by the public but how governments of various countries interact, I don’t see the problem.
Imagine they had only specified “must be encrypted”. Now France is going with S/MIME with SHA1 but the UK with SHA-256. The French system didn’t anticipate this and they can’t decrypt it. Meanwhile Germany is using PGP and nobody can read anything.
Long way to say: strong specs improve interoperability.
I was under the impression that the EU-UK deal was going to be applied temporarily for some months in order to give all sides time to go over it without significant issues to trade.
Not exactly. The agreement will be temporary because the EU parliament was supposed to get to review it and there wasn't time. However that's supposed to complete soon, not in some months.
There has been no implication of anything here being temporary in any reporting I've seen during the whole process. Did you see something specific that gave you that impression?
Perhaps the overall document was reviewed based on a diff, and so the section regarding email clients wasn't highlighted to reviewers, since it hadn't changed.
And/or there wasn't any versioning applied to the email technology section, so subsequent updates to the recommended-email-clients package haven't yet been pulled into the document.
(this is somewhat tongue-in-cheek; but conceivably some of the techniques that contract reviewers use are not-too-dissimilar to code review. Perhaps it really all is completely manual based on physical documents, but hopefully not..)
Politicians and lawyers are paid well enough and then some for us the people to expect due diligence, especially for such an important piece of legislation that's to be in effect for the foreseeable future.
The base pay of UK politicians is well above median salary and puts them into the top 5% of earners in the country; before you get into things like the fact that housing costs for two homes, travel and food costs are all fully subsidised.
No of course not, what it means is that people with the skills to do the job properly and who care about their responsibilities are looking elsewhere, and only those who feel drawn to power and those who can’t get better jobs are left.
(I don’t have a solution, every option I’ve heard comes with downsides)
For comparison: the MP's salary is similar to that of a military OF-4 (Commander, Lieutenant-Colonel or Wing Commander), a secondary school headteacher, or an NHS consultant (specialist doctor with at least 8-10 years experience post qualification).
But military officers, school officials and senior doctors don't generally have to spend thousands of their own money applying for a job, with no guarantee of success, and they don't typically get to take a five- or ten-year career break and then just stroll back into their old career again afterwards.
MPs who become part of the government often do fairly well out of it, obviously more so the more senior the government position(s) they hold, and there are a lot more members of the government than most people realise. But rank and file MPs often get a pretty raw deal compared to the kinds of alternative options anyone with the attributes to be a good MP would probably have.
There is no educational or qualification or experience requirement to stand for election as a UK MP, all you need is a few hundred quid, the approval of your party and ten voters.
And this means... what exactly? That we should expect MPs to perform their duties with the same diligence that we expect from military commanders, teachers and specialist doctors? Or that military commanders, teachers and specialist doctors should make rash uninformed decisions because they are underpaid?
Kind of missing the point. They're saying there's no excuse not to use S/MIME since it's in all modern software, and the fact that the modern software they mention isn't so modern any more only strengthens the point, not weakens it.
Yes, we technical people are aware of that. The point is that this new agreement is already long out of date and inadvertently attempting to prevent such progress.
This is EU law, transposed into the agreement to just avoid arguing with the EU about it when there are more important things. The whole point of Brexit is that if wanted such rules can be diverged from now, or better, just repealed entirely.
Whilst that wouldn't help when communicating with the EU, it'd avoid dumb requirements like SHA1 being imposed on other projects that don't involve Europe.
It seems plausible that this is the current EU standard on encrypting DNA profiles, in which case the agreement is correct (in some sense) to mirror it.
Once the EU (hopefully soon) updates its standards, the UK will then have the option to decide whether to follow or not (regulatory divergence) - and presumably the ERG (tory party brexiteers) will not die in a ditch over a move away from SHA-1...
Laws, treaties, etc. have no "source code" (that "runs" on bureaucrats and judges - with various results) and they have the worst (and I mean really) the worst diff system possible.
Yeah that part should be updated. It is still valuable in that it specifies that there should be some sort of minimum standards for secure data transfer. Even what is specified there is way better than nothing.
Why is this kind of technical detail in such an agreement? It's inevitably going to go out of date very quickly. Do they have such detail for every industry?
Because that's fundamentally what the EU does - it comes up with long, detailed agreements that specify the exact technical details of things that will sometimes go out of date soon. That is what it, as an institution with a whole bunch of well-paid employees, exists to do. As I understand it, this is just extending an agreement the UK was already a part of when it was part of the EU to the country after it leaves, complete with SHA-1, 1024-bit RSA, and references to Netscape Navigator 4.
Also, I reckon that if these same issues came up in the context of the in-EU version of the agreement, this would be widely portrayed as an example of cynical Euroskeptics taking advantage of people's cluelessness and making a big fuss about nothing, like bendy bananas. It'd be one of the things people relied on to argue that Brexit supporters had just been tricked by the press. Can't see that happening with its use as an anti-Brexit talking point, even though that's substantially more misleading. The entire mainstream narrative around Brexit is just so cynical...
> it comes up with long, detailed agreements that specify the exact technical details of things
Speaking generically, too specific and things get outdated, too generic and there are large margins for discussion. For laws and treaties that should last decades. That's the main issue.
The EU doesn't really need to legislate this stuff at all. The relevant bodies that need to exchange data are quite able to figure it out and coordinate upgrades. But the EU commission has no notion of this type of decentralised decision making, it is a massively centralising force.
Yes, the alternative pitch would presumably be that EU standards (which the agreement is (I suspect) copying for now) aren't being updated fast enough because of the bureaucracy of 27 countries slowing things down, even for uncontroversial changes, and on its own the UK could move more quickly.
That infographic is about as unbiased and trustworthy as the feature comparison table on a software company's website, for about the same reasons.
There are obviously going to be both upsides and downsides to Brexit, for both the UK and EU. It would be nice if just for once in the whole multi-year fiasco we could debate them based on facts and logical reasoning, and neither obviously one-sided summaries like that nor the blatant fear-mongering from the hardcore Brexiteers all over the news this week are going to achieve that.